<?php

require_once ABSPATH . '/system/class_QQMailer.php';

require_once ABSPATH . '/system/sql.php';

$sql_link = MySQL::getInstance();

if($_GET['action'] == 'reset' && $_GET['email'] !='' ){
    $email = $_GET['email'];

    $res = $sql_link->prepare('SELECT id FROM users WHERE email=:email');
    $res->bindParam(':email',$email);
    $res->execute();
    $sel_data = $res->fetch(PDO::FETCH_ASSOC);

    if(!empty($sel_data)){

        $user_id = $sel_data['id'];

        $token = pass_token_get($user_id);

        $url='http://'.$_SERVER['SERVER_NAME'];
        $params = explode('?', $_SERVER["REQUEST_URI"]);
        $params = explode('/', trim($params[0], '/'));
    
        foreach ($params as $value) {
            if($value == 'api'){
                break;
            }
            $url = $url.'/'.$value;
        }
        $url = $url.'/#/user/reset/user='.$user_id.'?'.$token;
    
        //$mailer = new QQMailer(EMAIL_USERNAME,EMAIL_PASSWORD,true);
        $mailer = new QQMailer(EMAIL_USERNAME,EMAIL_PASSWORD);
        // 添加附件
        //$mailer->addFile('20130VL.jpg');
        // 邮件标题
        $title = '重置密码';
        // 邮件内容
        $content = <<< EOF
        <p align="center">
        实验室人流统计系统密码重置链接(30分钟内有效)<br>
        $url</p>
EOF;
        // 发送QQ邮件
        $mailer->send($email, $title, $content,EMAIL_NICKNAME,EMAIL_FEOM);
    }

    $ret = array(
        'code' => 200,
        'msg' => 'ok',
    );
    
}else if($_POST['user'] != '' && $_POST['token'] != ''&& $_POST['pass'] != '' ){
    $user_id = $_POST['user'];
    $toekn = $_POST['token'];
    $pass = $_POST['pass'];

    if(pass_token_verify($user_id,$toekn))
    {
        $res = $sql_link->prepare('UPDATE users SET pass = :pass WHERE id = :id');
        $res->bindParam(':id',$user_id);
        $res->bindParam(':pass',$pass);
        $pass = password_hash($pass,PASSWORD_DEFAULT);
        $res->execute();

        $ret = array(
            'code' => 200,
            'msg' => 'ok',
        );
    }else{
        $ret = array(
            'code' => 403,
            'msg' => '已失效',
        );
    }
}

echo json_encode($ret);


function pass_token_get($id){
    $token = md5($username.time().rand()); 
    $time = time();

    $sql_link = MySQL::getInstance();
    $res = $sql_link->prepare('UPDATE users SET token = :user_token WHERE id = :id');
    $res->bindParam(':id',$id);
    $res->bindParam(':user_token',$user_token);
    $user_token = $time.'|'.$token;
    $res->execute();

    return $token;
}

function pass_token_verify($id,$token){
    $sql_link = MySQL::getInstance();
    $res = $sql_link->prepare('SELECT token FROM users WHERE id = :id');
    $res->bindParam(':id',$id);
    $res->execute();
    $data = $res->fetch(PDO::FETCH_ASSOC);

    $user_token = $data['token'];
    $temp = explode('|',$user_token,2);
    $time_save = $temp[0];
    $token_save = $temp[1];
    $time = time();

    if($time < $time_save + 1800 && $token_save == $token){
        //使token过期
        $time = $time - 1800;
        $res = $sql_link->prepare('UPDATE users SET token = :user_token WHERE id = :id');
        $res->bindParam(':id',$id);
        $res->bindParam(':user_token',$user_token);
        $user_token = $time.'|'.$token_save;
        $res->execute();
        unset($data['token']);
        $data['id'] = $id;
        return true;
    }
    return false;
}